Regain  control  of  access  to  your  information 
system 


How  can  you  control  the  security  of  access  to  your  information  system,  in  an  increasingly 
more  complex  technical  environment,  under  the  pressure  of  business  constraints  and 
compliance?  Evidian  Identity  & Access  Manager  (l&A  Manager)  allows  you  to  take  regain 
control  of  accesses  with  a complete  and  integrated  solution  that  reduces  the  management 
costs  of  the  lifecycle  of  digital  identities. 


The  development  and  globalization  of  the 
ecosystem  of  companies  and  organizations 
has  accelerated  the  expansion  and  openness 
of  information  systems. 

The  proliferation  of  IT  resources  and  the 
emergence  of  new  employee  needs  for 
mobility  and  collaboration  have  considerably 
complicated  the  complexity  of  user  access 
rights  management. 

How  can  you  respond  to  new  regulatory 
constraints  related  to  the  governance, 
liability,  traceability,  and  auditability  of 
access  to  your  information  system? 

Evidian  identify  & Access  Manager 

helps  you  to  regain  control  of  access  to  your 
applications  by: 

Organizing  and  unifying  digital  user 
identities  across  multiple  sites  or 
organizations. 

Streamlining  the  automatic  and  manual 
processes  of  assigning  access  rights  under 
a central  policy. 

Automating  the  effective  implementation  of 
the  access  policy  and  the  continuous 
monitoring  of  its  correct  application 
Facilitating  audits  of  user  access  rights. 


Manage  digital  identities 

Unify  and  consolidate  the  digital  identities 
of  your  users,  whether  they  are  employees, 
suppliers,  or  partners,  using  existing  identity 
sources  (HR,  purchasing,  etc.)  or  manually 
through  a simple  tool. 

Streamline  your  access  policies 

Define  and  implement  processes  for 
assigning  access  rights  to  the  information 
system,  whether  automatically  based  on  roles 
or  manually,  including  hierarchical  approval. 

And  ensure  their  implementation 

Create  or  delete  rights  directly  in  the  IT 
resources,  in  compliance  with  the  access 
policy. 

Implement  continuous  control  to  detect  and 
reconcile  differences  between  the  required 
policy  and  the  effective  rights  in  the 
applications. 

Facilitate  audits 

Quickly  list  the  access  rights  that  your  current 
users  have  in  your  information  system. 

Easily  obtain  the  report  of  IT  resource  access 
rights  for  all  of  your  users. 


lululu. evidian. com 


evioinn 

R Bull  Group  Company 


39  A2  22LX  00 


Facilitate  identity  management 

Eviction  Identity  & Access  Manager 

makes  it  possible  to  have  a single 
view  from  multiples  sources  of  existing 
identities  (HR  systems  and  supplier 
databases  from  multiple  sites  or 
subsidiaries).  This  consolidated  view 
helps  you  to  master  and  streamline 
the  management  of  digital  user 
identities. 

Implement  access  governance 

The  management  module  automates 
the  assignment  of  access  rights  based 
on  roles  in  your  organization. 


User  arrival 

• New  employees  are  detected  in 
the  identity  sources  (HR  system, 
temporary  workforce  base...] 

•Edit  and  activate  their  identity 
record 

•Define  or  validate  their  positions 
and  hierarchical  relationships 


Role-based  access 

•Access  rights  depend  on  users' 
roles  and  organizations 
•Automatically  takes  role  or 
organization  change  into  account 
•l&A  Manager  directly  creates 
accounts  in  the  applications 


User  departure 

•Automatically  detects  when  user  is 
removed  from  the  identity  sources 

•You  can  also  manually  declare  that 
a user  has  left 

•Rights  are  immediately  deactivated 
or  removed  in  the  applications  and 
user  access  services 


Access  requests 

• Users  request  additional  rights  via  a 
web  page 

•An  approval  processes  starts,  the 
hierarchy  validates  requests  or  not 

•After  validation,  the  access  rights 
are  updated  and  directly  created  in 
applications  and  resources 


The  Workflow  module  manages 
unitary  requests  via  a controlled 
approval  process. 

The  native  integration  of  these  two 
modules  ensures  the  coherence  of 
access  rights  management  policies. 

Simplify  the  compliance 
process 

The  interoperability  with  user  access 
services,  such  as  Enterprise  SSO  or 
Web  Access  Manager,  speeds  up  the 
inventory  of  the  rights  that  exist  in 
your  information  system.  Audit  events 
are  thus  consolidated  in  a single 
database,  making  it  easy  to  create 
custom  compliance  reports. 

Improve  productivity 

New  users  get  the  rights  they  need 
for  their  job  more  quickly.  When  they 
switch  jobs,  their  profiles  are 
automatically  adjusted.  They  can 
request  additional  rights  through  a 
simple  interface. 


A comprehensive  solution 

l&A  Manager  is  a simple,  consistent 
and  natively  integrated  solution. 

With  just  one  software  tool,  it  is 
possible  to  define  and  maintain 
digital  identities,  manage  access 
rights,  implement  approval  channels, 
and  updated  accounts.  Ready-to-use 
scenarios  are  included  for  the  most 
common  actions. 

For  business  users 

l&A  Manager  administration  is 
done  according  to  business  roles, 
delegation  and  procedures  started 
by  the  users  themselves.  The  manage- 
ment console  offers  IT  and  information 
security  officers  a control  tower  of 
existing  access  policies  and  access 
rights  used. 

Facilitating  globalization 

l&A  Manager  can  unify  the  access 
policies  of  multiple  sites  or 
subsidiaries.  Its  native  multilingual 
support  and  gradual  scalability 
capabilities  make  it  possible  to 
deploy  in  international  organizations. 


Consolidating  existing  assets 

!8cA  Manager  works  with  already 
deployed  provisioning  systems,  user 
access  services,  and  SSO  systems; 
there  is  no  need  to  replace  them. 

It  consolidates  existing  identity  sources 
in  a single  view.  It  can  also  federate 
existing  Evidian  AccessMaster 
servers. 

Simple  installation 

The  modules  are  installed  through  a 
simple  process.  l&A  Manager  resides 
on  one  or  more  physical  or  virtual 
servers,  thus  making  it  easily  scalable. 
The  reconciliation  engine  natively 
includes  connectors  to  quickly 
provision  the  IT  resources  that  are 
necessary  to  user  accesses. 

Implementation  cost  control 

l&A  Manager  protects  existing 
investments  in  your  organization.  It 
uses  existing  identity  directories  and 
does  not  require  a specific 
infrastructure.  Natively  integrated,  it 
significantly  reduces  deployment  time 
and  costs. 
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['authentication  unique  au  service  des  metiers 
des  organisations 


Comment  eviter  que  vos  utilisateurs  soient  submerges  de  mots  de  passe  difficiles  a gerer  ? 
Evidian  Enterprise  SSO  est  I'authentification  unique  et  agile  adoptee  a tous  les 
utilisateurs,  tous  les  metiers  et  toutes  les  organisations. 


En  automatisant  la  gestion  des  mots  de 
passe,  Evidian  Enterprise  SSO  facilite  la  vie 
des  utilisateurs  tout  en  vous  laissant  piloter 
votre  politique  de  securite. 

Facilitez  et  renforcez  I'acces  a vos 
applications 

Evidian  Enterprise  SSO  saisit  automati- 
quement  les  mots  de  passe  des  applications 
et  peut  les  changer  a la  place  de 
I'utilisateur,  selon  une  politique  stricte  que 
vous  definissez.  La  securite  d'acces  a vos 
applications  est  assuree. 

Vos  utilisateurs  se  conforment  ainsi 
naturellement  a la  politique  de  securite. 

Vous  gerez  les  droits  d'acces  et  les  roles 
en  quelques  dies.  Par  exemple,  vous 
pouvez  proteger  par  carte  a puce  les  PC 
des  vendeurs,  ou  restreindre  I'acces  a 
[application  de  la  paye  aux  comptables. 

Optimisez  vos  coots 

Chaque  appel  au  support  genere  des  couts. 
Grace  au  SSO,  ces  appels  baissent  jusqu'a 
30%  car  les  employes  ne  perdront  plus  les 
mots  de  passe  des  applications. 

Et  vous  evitez  les  coOteux  blocages  de 
compte  causes  par  les  fautes  de  frappe 
lors  de  la  saisie  des  mots  de  passe. 


Securisez  les  comptes  portages 
et  les  delegations  entre  utilisateurs 

Evidian  Enterprise  SSO  permet  a vos 
employes  de  partager  des  comptes 
generiques  en  toute  securite,  ou  de 
deleguer  des  acces  a un  collegue.  I Is  n'ont 
pas  besoin  de  reveler  leurs  mots  de  passe. 
Et  leurs  acces  sont  audites  nominativement. 

Grace  a un  portail  optionnel,  un  utilisateur 
malade  ou  en  conges  peut  deleguer  tout  ou 
partie  de  ses  comptes  de  son  domicile,  via 
une  page  web  ; ceci  sous  le  controle  de  la 
politique  de  securite. 

Assurez  la  conformite  de  votre 
informatique 

Evidian  Enterprise  SSO  vous  aide 
a respecter  vos  exigences  legates  et 
reglementaires  : PCI  DSS,  decret  de 
confidentiality  medicate  ou  loi  sur  la 
securite  financiere. 

Vous  pouvez  surveiller  les  tentatives 
d'acces  des  employes  aux  applications 
et  aux  PC.  Tous  ces  acces  sont  nominatifs, 
y compris  ceux  aux  comptes  Windows  et 
applicatifs  generiques.  Vous  pouvez  ainsi 
demontrer  que  votre  politique  d'acces  est 
respectee  et  remplit  ses  objectifs. 
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Une  solution  non  intrusive 

Aucune  modification  des 
applications  n'est  necessaire. 

Evidian  Enterprise  SSO  fournit 
I'authentification  unique  a de 
nombreux  types  d'applications  : 
Windows,  web,  emulateur  de 
terminal... 

Evidion  Enterprise  SSO  dresse 
automatiquement  la  liste  des 
comptes  actifs  dans  vos 
applications.  Cela  vous  permet 
d'optimiser  vos  coOts  de  licences. 

Protegez  vos  applications 
en  acces  web 

Avec  le  module  additionnel  Evidion 
Web  Access  Manager,  vous  ouvrez 
un  acces  securise  a distance  a vos 
applications  web  ou  Citrix. 

Acces  interne  et  web  utilisent  la 
meme  base  de  mots  de  passe 
applicatifs.  Cela  evite  toute 
desynchronisation  entre  differentes 
solutions  d'authentification  unique. 

Deployment  facile  dans  votre 
infrastructure  existante 

Evidian  Enterprise  SSO  collecte  les 
mots  de  passe  des  utilisateurs,  ce  qui 
evite  de  les  redefinir.  Vous  pouvez 
commencer  par  un  seul  departement 
et  etendre  ensuite  le  SSO  a des 
milliers  de  PC. 


Authentification  renforcee 

Evidian  Enterprise  SSO  peut  etre 
complete  par  Evidian  Authentication 
Manager  qui  gere  I'authentification 
forte  : biometrie,  carte  a puce, 
badge  radio  RFID,  jeton  USB... 

S'il  oublie  de  son  mot  de  passe 
Windows  ou  si  sa  carte  ne 
fonctionne  plus,  un  employe  peut 
debloquer  son  acces  - meme  hors 
connexion,  avec  ou  sans  I'aide  du 
support. 

Fonctionnalites  adaptees 
au  metier  de  vos  employes 

Avec  Evidian  Authentication 
Manager,  vendeurs  et  employes 
d'agence  partagent  des  PC  en 
kiosque.  I Is  retrouvent  leur 
environnement  personnel  en 
quelques  secondes,  sans  devoir 
clore  ou  ouvrir  la  session  Windows. 

En  hopital,  quand  les  medecins 
assurent  une  ronde,  leur  session  de 
travail  se  deplace  avec  eux.  Ils  y 
accedent  sur  simple  presentation 
d'un  badge  radio  ou  d'une  carte. 

Les  traders  et  techniciens  de  salles 
de  controle  n'ont  besoin  que  d'une 
seule  authentification  pour 
debloquer  une  grappe  de  PC,  la 
bloquer,  ou  en  deleguer  tout  ou 
partie,  de  facon  permanente  ou 
temporaire. 


Integration  avec  la  gestion 
des  identites 

Evidian  Enterprise  SSO  est  integre 
nativement  a Evidian  Identity  & 
Access  Manager,  la  solution  de 
gestion  des  identites  et  des  acces 
d'  Evidian. 

Ainsi,  vous  pouvez  aisement  ajouter 
des  fonctions  de  gestion  des 
identites  a votre  installation  : 

Avec  le  provisionnement,  vous  ne 
distribuez  plus  de  mot  de  passe 
aux  utilisateurs.  Une  fois  les 
comptes  applicatifs  crees, 
supprimes  ou  mis  a jour,  ils  sont 
automatiquement  synchronises 
avec  Evidian  Enterprise  SSO. 

Associe  a la  gestion  de  politique 

Evidian  Enterprise  SSO  permet  de 
connaitre  I'usage  reel  de  chaque 
compte  applicatif.  Vous  pouvez 
ainsi  eliminer  les  comptes 
dormants  et  obsoletes.  Et  vous 
etablissez  votre  politique  de 
securite  en  connaissant  a I'avance 
ses  impacts  sur  les  utilisateurs. 


Evidian  Enterprise  SSO  se  base  sur 
un  annuaire  LDAP,  Active  Directory 
ou  AD  LDS.  Aucun  boitier  materiel 
n'est  necessaire. 
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